AIwareness
Started in August 2021
Targeted phishing on employees is a persistent and concerning threat. Accurate detection of targeted phishing on employees is therefore a very valuable challenge to solve, since it enables organizations to stop adversaries early in the kill-chain.
According to the PCSI Cyber Security Radar, spear phishing was the most used attack for initial access by APTs in 2010, and it still was in 2020. Over the past 2 years the PCSI partners have developed several machine-learning technologies for detecting targeted phishing on employees. The main challenge was to validate the performance of such detection technologies, because manually confirming that an email is malicious is time consuming. The employee is the person most knowledgeable about whether an email is contextually ‘normal’, a computer can best detect technological abnormalities, and the security analyst is the right person to draw the final conclusion on whether an email is malicious or benign.
In this project we propose to develop a system in which the employee (the target), the SOC analyst, and the detection capabilities all come together in a positive feedback loop. It will support the employee in being resilient to phishing at the right time, it will decrease the workload for SOC analysts, and lastly both the employee’s and the SOC analyst’s feedback will help improve the performance of the detection algorithm. We believe this idea is unique in that it proposes to use machine-learning-based detection technologies, the employee’s contextual knowledge, and the SOC analyst’s expertise in synergy.
Why do we want to work on this idea within the PCSI?
Since targeted phishing on employees is a persistent and hard-to-solve challenge, we believe that cooperation between the PCSI partners can bring us one step further. A further conclusion can be drawn from the fact that spear phishing has been, and still is, the most popular method for initial access by APTs over the past 10 years: clearly no market product has fully solved this challenge.
Investigations in the Explore phase
In the first phase of this project we will explore whether the proposed solution adds value for the PCSI partners, next to the anti-phishing solutions currently in use. Specifically, we will concretize the business case for such a system and, based on this, (re-)design the proposed Proof-of-Concept plan.
Our aims at the end of the project:
- Improved employee resilience against phishing, supported by machine-learning-based detection capabilities that can alert a user at the right time
- Continuous reduction of workload for SOC analysts when handling phishing alerts
- Continuous improvement of detection algorithms, utilizing all incoming feedback from employees and SOC analysts
This project is part of the trend: Evolution of highly personalized social engineering
Social engineering is a technique of manipulating people into giving up confidential information. People are tricked by personalized content, phone calls and scams. Phishing is a common type of social engineering scam that attempts to fraudulently obtain sensitive information using email. Spear phishing targets a single individual with a more personal approach. For example, deepfake voice technology allows people to spoof the voices of others and commit identity fraud.